Does AD LDS support account lockout?

Question

Does Active Directory Lightweight Directory Services support account lockout like how the full Active Directory domain services does?

score 4 · Accepted Answer · answered Feb 07 '12 at 14:32

By default, AD LDS supports and enforces the password policy settings and account lockout settings that are provided by Windows Server 2008, including the following:

Minimum age

Maximum age

Complexity

History

Too many failed logon attempts

Disabling and enabling of accounts

If the server on which AD LDS is running belongs to a workgroup, the server's local password policy settings and account lockout settings are implemented. If the server on which AD LDS is running belongs to a domain, the password policy settings and account lockout settings from Active Directory Domain Services (AD DS) are implemented

.

From this site - technet.microsoft.com/en-us/library/cc731012(v=ws.10).aspx

And if you set a policy to be applied locally on a domain machine, it will take over. No need to lower the domain wide policy to accomodate AD-LDS users (which might have other needs). — ixe013, Sep 24 '12 at 18:50

Does AD LDS support account lockout?

1 Answers1